One of the most common recommendations for keeping our mobile devices secure is to download applications only from the Google Play Store. Unfortunately, relying on the Big G store is sometimes not enough, because applications infected with malware can lurk even there. This is the case with an application recently removed from the store, 2FA Authenticator, which actually hid the Vultur malware inside. Let's see what it is.
The Vultur malware can gain access to your bank details and empty your account
The discovery was made by colleagues from Pradeo, who promptly reported the matter to Google, which in turn removed the offending application from the Play Store after 15 days. 2FA Authenticator, installed by over 10,000 users, has been identified as a trojan-dropper, that is, a malicious application whose purpose is to secretly install malware on the infected device. The analyses carried out showed that its primary purpose was to install a malware called Vultur, which in turn targets financial services to steal the banking information of the unfortunate users.
Besides presenting itself as a two-factor authentication app, and therefore one dedicated to security, the application actually worked as such. The developers used the open source code of another authentication application and then injected the malware into it, so that 2FA Authenticator really did work and aroused no suspicion in users. Unlike other similar applications, however, this one required rather special permissions that were not listed on the Play Store. For example, the application was able to:
- collect and send the application list and user location
- disable the key lock and any associated security passwords
- download third-party applications masking them as updates
- operate autonomously even with the application switched off
- use the SYSTEM_ALERT_WINDOW permission to display over other applications
Once all the necessary information had been collected, Vultur mainly targeted banking applications and, having access to users' biometric data, could operate in total autonomy. As already mentioned, the application is no longer available on the Play Store, but if you were among those who downloaded it, uninstall it from your smartphone right away and check that there are no problems with your bank accounts.
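The gap described above, between the permissions an app requests and those shown on its store listing, can be checked from a decoded `AndroidManifest.xml`. The following is an added example, not code from Pradeo or from the article: the mapping from each listed behaviour to an Android permission is an assumption (only SYSTEM_ALERT_WINDOW is named in the text), and the manifest, package name and store listing are constructed sample data.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping from the behaviours listed in the article to the standard
# Android permissions that enable them (only SYSTEM_ALERT_WINDOW is named there).
RISKY = {
    P + "QUERY_ALL_PACKAGES": "collect the list of installed applications",
    P + "ACCESS_FINE_LOCATION": "collect the user's location",
    P + "DISABLE_KEYGUARD": "disable the key lock",
    P + "REQUEST_INSTALL_PACKAGES": "install third-party applications",
    P + "RECEIVE_BOOT_COMPLETED": "start without the user opening the app",
    P + "SYSTEM_ALERT_WINDOW": "display over other applications",
}

def requested_permissions(manifest_xml):
    """Return every permission requested in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def audit(manifest_xml, listed_on_store):
    """Flag risky permissions and mark those absent from the store listing."""
    findings = []
    for perm in sorted(requested_permissions(manifest_xml)):
        if perm in RISKY:
            findings.append({"permission": perm, "capability": RISKY[perm],
                             "undisclosed": perm not in listed_on_store})
    return findings

# Constructed sample manifest and store listing (not taken from the real app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.authenticator">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.DISABLE_KEYGUARD"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
</manifest>"""
SAMPLE_LISTING = {P + "CAMERA", P + "INTERNET", P + "RECEIVE_BOOT_COMPLETED"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFEST, SAMPLE_LISTING):
        flag = "UNDISCLOSED" if finding["undisclosed"] else "disclosed"
        print(f'{flag:11} {finding["permission"]}: {finding["capability"]}')
```

A decoded manifest can be obtained by unpacking the APK with a tool such as apktool; the binary XML inside a raw APK will not parse with this code.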